CVE-2025-7564 | LB-LINK BL-AC3600 1.0.22 /etc/shadow hard-coded credentials

Inserito da Angelo Barbosa | Lug 12, 2025 | CVE

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials.

This vulnerability is handled as CVE-2025-7564. Local access is required to approach this attack. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7564 | LB-LINK BL-AC3600 1.0.22 /etc/shadow hard-coded credentials

Post correlati

CVE-2024-11501 | Gallery Plugin up to 1.3 on WordPress code injection

CVE-2024-24752 | brefphp bref up to 2.1.12 Multipart Request /tmp RequestHandlerInterface resource consumption (GHSA-x4hh-frx8-98r5)

CVE-2024-45401 | stripe-cli up to 1.21.2 Manifest path traversal (GHSA-fv4g-gwpj-74gr)

CVE-2024-38732 | VolThemes Patricia Blog Plugin up to 1.2 on WordPress cross-site request forgery